Just a few years ago, sending encrypted messages was a challenge. Just to get started, you had to spend hours following along with jargon-filled tutorials, or be lucky enough to find a nerd friend to teach you. The few that survived this process quickly hit a second barrier: They could only encrypt with others who had already jumped through the same hoops. So even after someone finally set up encrypted email, they couldn’t use it with most of the people they wanted to send encrypted emails to.
The situation is much better today. A number of popular apps have come along that make encryption as easy as texting. Among the most secure is Signal, open-source software for iOS and Android that has caught on among activists, journalists, and others who do sensitive work. And probably the most popular is WhatsApp, a Facebook-owned platform with an encryption setup derived from Signal. For me, the spread of encrypted chat apps means that, with very few exceptions, all of my text messages — with friends, family, or for work — are end-to-end encrypted, and no one even has to understand what a “public key” is.
But there is a major issue with both Signal and WhatsApp: Your account is tied to your phone number.
This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app installed, you can send them encrypted texts with no further effort.
But it also means that if you want people to be able to send you messages securely, you need to hand out your phone number. This puts people who interact with the public in an awkward bind: Is the ability for strangers to contact you securely worth publishing your private phone number?
In this article I explain how to create a second Signal number that is safe to publish on your Twitter bio and business cards, so strangers have an easy way to contact you securely, while your primary phone number remains private. I explain how to obtain a second phone number, how to register it with the Signal server, and how to configure it to use Signal Desktop — even if you’re already using Signal Desktop with your private phone number. I will focus on Signal rather than WhatsApp for reasons I’ll explain further down (basically, WhatsApp appears to block non-cellular phone numbers that make all this possible with Signal).
When you give out your phone number, you risk opening yourself up to abuse. As freedom of expression activist Jillian York wrote on her personal blog, “As a woman, handing out my phone number to a stranger creates a moderate risk: What if he calls me in the middle of the night? What if he harasses me over SMS? What if I have to change my number to get away from him?”
If you’re a public figure, and especially if you’re a woman or person of color, you’re probably used to sexist or racist jerks yelling slurs and threats at you on Twitter, Facebook, and in the comments section under the articles you write. Publishing your private phone number could make this problem worse and could make these people harder to mute.
It could also open up your online accounts to attack. Last year, someone hacked racial justice activist DeRay Mckesson’s Twitter and email accounts by taking over his phone number. The hacker called Verizon and, impersonating Mckesson, asked to change the SIM card associated with his phone number to a new one that they controlled, so they could receive SMS messages sent to his phone number.
By calling @verizon and successfully changing my phone's SIM, the hacker bypassed two-factor verification which I have on all accounts.
— deray mckesson (@deray) June 10, 2016
Having a unique public number just for Signal could mitigate this sort of attack; it’s harder for a hacker to hijack the number that’s tied to your Twitter and email accounts if they don’t know it in the first place.
(If an attacker takes control of your phone number, like they did with Mckesson, they could also take over your Signal account. If someone did this to your friend, you’d see a “safety number changed” warning in Signal — the same message you see when a friend gets a new phone. If you ignore this warning and text them anyway, you’ll actually be texting the attacker. You can verify safety numbers to confirm that your Signal app is encrypting messages to your friend’s phone, and not to some attacker’s phone.)
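An added example, not from the original article and not Signal's own code: a simplified Python model of why a re-registered phone number produces a “safety number changed” warning, and why the warning only helps if you re-verify. The hashing scheme, the `ContactStore` class, the keys and the phone numbers are all constructed for illustration.

```python
import hashlib

# Constructed sample data: fictional numbers and stand-in 32-byte identity keys.
MY_NUMBER, MY_KEY = "+15555550100", bytes([1]) * 32
FRIEND_NUMBER, FRIEND_KEY = "+15555550101", bytes([2]) * 32
REREGISTERED_KEY = bytes([3]) * 32  # key of whoever re-registers the friend's number


def _digits(identity_key: bytes, phone_number: str, rounds: int = 1000) -> str:
    """Stretch one party's (key, number) pair into 30 decimal digits (assumed scheme)."""
    digest = identity_key + phone_number.encode()
    for _ in range(rounds):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks, each reduced to one 5-digit group.
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def safety_number(key_a: bytes, number_a: str, key_b: bytes, number_b: str) -> str:
    """Sorting the two halves makes both parties display the same 60 digits."""
    return "".join(sorted([_digits(key_a, number_a), _digits(key_b, number_b)]))


class ContactStore:
    """Trust-on-first-use record of each contact's identity key (hypothetical class)."""

    def __init__(self, my_key: bytes, my_number: str):
        self.my_key, self.my_number = my_key, my_number
        self.known = {}  # phone number -> (identity key, verified flag)

    def observe(self, number: str, identity_key: bytes) -> str:
        previous = self.known.get(number)
        if previous is None:
            self.known[number] = (identity_key, False)
            return "first-contact"
        if previous[0] == identity_key:
            return "unchanged"
        # New key for a known number: new phone, reinstall, or a number takeover.
        # Any earlier verification no longer applies.
        self.known[number] = (identity_key, False)
        return "safety-number-changed"

    def number_for(self, number: str) -> str:
        key, _ = self.known[number]
        return safety_number(self.my_key, self.my_number, key, number)

    def mark_verified(self, number: str, read_out_by_contact: str) -> bool:
        """Compare against what the contact reads out over a separate channel."""
        key, _ = self.known[number]
        ok = read_out_by_contact == self.number_for(number)
        self.known[number] = (key, ok)
        return ok


def demo() -> dict:
    store = ContactStore(MY_KEY, MY_NUMBER)
    events = [store.observe(FRIEND_NUMBER, FRIEND_KEY)]
    before = store.number_for(FRIEND_NUMBER)
    # The friend computes the number from their side and reads it to us in person.
    friend_view = safety_number(FRIEND_KEY, FRIEND_NUMBER, MY_KEY, MY_NUMBER)
    verified = store.mark_verified(FRIEND_NUMBER, friend_view)
    events.append(store.observe(FRIEND_NUMBER, FRIEND_KEY))
    # The number is registered again with a different identity key.
    events.append(store.observe(FRIEND_NUMBER, REREGISTERED_KEY))
    after = store.number_for(FRIEND_NUMBER)
    return {
        "events": events,
        "verified_before_change": verified,
        "before": before,
        "after": after,
        "verified_after_change": store.known[FRIEND_NUMBER][1],
        # The real friend's phone would still show the old digits, so they no longer match.
        "old_digits_still_match": store.mark_verified(FRIEND_NUMBER, before),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
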
When you open the Signal app for the first time and type in your phone number, here’s what happens:
The initial step of verifying a phone number is the only step in which the phone network is involved. After this, Signal uses the internet for everything. Your phone number is only used as a way to identify your Signal account (basically, it’s your username), and your phone company doesn’t have access to any information about anything that goes on in Signal.
This means that, as long as you have access to a phone number where you can answer voice calls, like a landline or a VoIP number, you can use that phone number with Signal. (This isn’t true for all services. WhatsApp seems to only allow you to register using phone numbers distributed by cellphone carriers — but I’ve heard mixed reports, so it doesn’t hurt to try.)
In order to proceed, you need to obtain a second phone number that you’re OK with publishing. This can be:
It’s important to maintain control of this phone number. For example, you could use a disposable SMS service to register with Signal — there are many such services if you search for them — but those phone numbers can be used by anyone. Similarly, you should avoid using a public payphone’s number, or a SIM card on which you do not intend to renew service. If someone else can receive SMS messages or phone calls to this phone number, they can take your Signal account away from you.
If you have tips for other ways to obtain permanent phone numbers, post them in the comments.
In order to register your second phone number with Signal, you’re going to need a dedicated device for it — or at least a dedicated user account on a device. The device doesn’t need to have any phone service, and it doesn’t even technically need to be a phone. Here are your options.
If you’re an Android user, you’re in luck. You likely have never used this feature, but Android supports multiple user accounts on a single device. Each user account has its own set of apps and app data. You can create a second user account on your device specifically for your second Signal number.
Open the Settings app, select Users, and select “Add user or profile” to add a new user. After creating a new user, log in to it and install the Signal app. Don’t forget to set up screen lock for the new user — otherwise, anyone with physical access to your phone will be able to easily access the Signal messages in your second user, even if your main user account is locked.
To switch between users on your phone, drag the notification bar down and tap on the user icon.
If you’re an iPhone user, and you’re already using Signal with your private phone number, setting up your public Signal account is a bit more complicated. Unfortunately, there’s no way to set up two separate Signal phone numbers on the same iPhone.
The simplest way to proceed is to find a separate iOS or Android device and use that for the second number. This device doesn’t need phone service or a SIM card. It could be an old iPhone or Android phone you don’t use anymore, or an iPad, iPod Touch, or Android tablet.
You can also elect to use your new public phone number only with Signal Desktop. Doing this involves removing your private Signal account from your iPhone, setting up the public account and Signal Desktop, and then restoring the private account, which will generate a warning to your contacts that your safety number has changed. It also significantly limits the ways you can use Signal, as I outline below.
For the truly geeky, it’s also possible to use your computer to register the second Signal number, but only go this route if you’re the type of computer nerd who enjoys troubleshooting tricky problems. You can use a command-line tool called signal-cli to register your phone number with Signal service, or you can install android-x86 inside a virtual machine and use that as a virtual Android device for Signal. If that seems like a bit much, you’re better off tracking down an old smartphone instead.
Now that you have a second phone number and a device picked out, it’s time to register it with Signal. I’m using an Android device in the following photos, but the process in iOS is similar.
On your second Signal device (or the second user of your Android phone), open the Signal app for the first time. Type in the phone number you’ve obtained to use as your public Signal number (don’t type in your private phone number!), and register the phone number.
Register with Signal using the second phone number you obtained.
Wait two minutes for SMS verification to fail.
If all goes well, the verification process will succeed, and your new phone number will be registered with the Signal service.
And that’s it! This device can now receive messages to your second Signal phone number. You can tell everyone they can contact you using Signal with this phone number, and the text messages will end up going to this device.
But now you also have to deal with checking two separate devices for your messages (or two separate users on one Android device). To make things a bit more usable, you might want to set up Signal Desktop.
The desktop version of Signal is a Google Chrome app, which means that you install it inside of your browser (this will be changing soon, more on that below). You can read more about Signal Desktop here, including some security considerations on whether you should use the desktop version.
If you’d like to use Signal Desktop with just one of your phone numbers, this is simple. For example, maybe you’ll only use Signal on your phone for your personal number, but you’ll use Signal Desktop for your second, public Signal number. In this case, just install Signal Desktop from the Chrome Web Store, and follow the instructions to configure it using the Signal device of your choice.
If you’d like to use Signal Desktop with both phone numbers, you need to set up separate Chrome profiles (or “People”). Most Chrome users only have their default profile — this stores browser history, bookmarks, Chrome apps, and other settings. But it’s possible to create new profiles and easily switch between them. You can set up Signal Desktop in your default profile for your private phone number and create a second Chrome profile specifically for your second Signal number.
Signal developers are currently switching up how Signal Desktop works. Soon it will be a standalone app, no longer through Chrome. This means that you won’t be able to run two copies at the same time by creating two different Chrome profiles. But, for the time being, the following instructions still work fine.
First, let’s set up Signal Desktop for your personal phone number in your default Chrome profile (if you already use Signal Desktop, skip the next few paragraphs). Open Chrome and go here to install Signal Desktop. After it’s installed, a welcome screen will pop up explaining that you need to install Signal on your phone first, and showing you a QR code to scan from your phone, like this:
Follow the instructions using Signal on your personal cellphone to link it to this Signal Desktop.
You probably also want to make sure that this Signal Desktop is easy to open. If you’re using a Mac, right-click on the dock icon, select Options, and check “Keep in Dock.” If you’re using Windows, right-click on the taskbar icon and select “Pin to taskbar.”
Now it’s time to create a new Chrome profile for your second Signal phone number. Start by opening the Chrome menu (the icon in the top-right of your browser with three dots) and choose Settings. Under People at the top, click “Manage other people.”
In the bottom-right, click “Add person.” Come up with a name and an icon for this Chrome profile. In this screenshot, I’m calling my new person “Signal for strangers” and giving it a ninja avatar.
After clicking the save button, a whole new Chrome window opens with “Signal for strangers” in the top-right corner. (Note that you can click the name of your profile in the top-right to switch to other profiles.)
Like you did with your other profile, go here and install Signal Desktop. Again, a fresh new welcome window will pop up giving you instructions to get started, again with a QR code.
Follow the instructions, but this time, use your device for your second Signal number (or the second Android user, if you’re doing it all on one Android phone). When you’re done, you’ll have successfully linked your second Signal phone number to your second Signal Desktop!
You should make sure that this Signal Desktop is easy to open as well. If you’re using Mac, right-click on the second Signal dock icon, select Options, and check “Keep in Dock.” If you’re using Windows, right-click on the second Signal taskbar icon and select “Pin to taskbar.”
Now you should have two separate Signal Desktop icons, one for your private phone number and the other for the second phone number you just set up. You can also hold the mouse over the different Signal icons to tell them apart.
Finally, here’s a tip for running multiple Signal Desktops on the same computer. Within Signal Desktop, click the three dots menu icon and choose Settings. This allows you to choose between three different themes. Make sure that your two different Signal Desktop windows have different themes to make them easier to tell apart.
(For the few of you who run the Qubes operating system, this process is much simpler. Just install Signal Desktop in separate AppVMs for each phone number. This is what I do.)
Now that your public Signal number is safe to publish, and encrypted texts go straight to your desktop, it might be tempting to only use the desktop app for this phone number. This is fine, but you should be aware of its limitations.
The Signal Desktop app has fewer features than the mobile app. You can’t have encrypted voice or video calls in Signal Desktop, and you also can’t create or modify Signal groups — if you need to do these things, you have to do them on the mobile device. And while disappearing messages work fine, there’s no interface to delete individual messages from the desktop app.
Another Signal Desktop limitation is that there’s no way to assign names to Signal contacts from there; Signal relies on your phone’s contacts to translate phone numbers into names. So if you’d like to assign a name to a contact, you have to add them as a contact on the mobile device that you registered this Signal number with first.
Finally, messages that arrive to Signal Desktop, but not to the phone used to set up Signal Desktop, will accumulate on the server. Here’s why: When someone sends you a Signal message, their Signal app encrypts the message and sends it to the server. The server stores this encrypted message until it can be successfully delivered to your devices, and then the server deletes its copy after. But since your Signal account is associated with two devices, the mobile app and the desktop app, the server won’t delete its copy of the encrypted message until it successfully delivers the message to both devices. Therefore, it’s important to periodically power on your mobile device that you configured Signal on, even if you intend to primarily just use the desktop app.
At the moment, you can only register a Signal account using a phone number, but a future version of Signal could support other identifiers as well, such as email addresses.
Just like with phone numbers, Signal could automatically verify email addresses. And like with phone numbers, people store email addresses in their phone’s contacts, so contact discovery could still be automatic. Unlike private phone numbers though, journalists and activists routinely publish their email addresses for strangers to contact them. And for those who wish to use Signal anonymously, like whistleblowers, it’s much simpler to obtain an anonymous email address than an anonymous phone number.
This feature has been widely requested by users, and the associated issue is still open on GitHub, where you can find Signal’s source code. But will Signal’s developers implement it? I asked, and they told me that they don’t comment on new features until they’ve shipped them.
If you have any feedback about this tutorial, please post it in the comments, or contact me on Signal at (415) 964-1601.
Registering a landline with WhatsApp also works – tested in Germany. If SMS verification failed it will automatically offer a call instead. A computer voice will tell you the verification code.
WhatsApp is a mess, it gets compromised every 6 months.
Don’t use it unless the illusion of privacy is more important than actual privacy.
On https://www.ringring.net you can obtain German or Austrian landline numbers that you can use for your second Signal account (I did it just now) from anywhere in the world. You need to register with e-mail. I had to give an actual phone number during the registration but never received anything on it. So, probably you can give also a random number.
Cheers!
Why not use the Talkatone app on Android? It’s free and also allows for number creation anonymously (especially if you can VM an Android tablet).
Still haven’t hooked up again with a cell phone and it’s now been more than 5 years since I carried just a cheap-ass prepaid for work. Maybe someday, when I want to help Big Brother track my whereabouts every minute I’m not at home, again.
Otherwise, Micah, I think even being “lucky enough to find a nerd friend” – to personally teach me NSA-proof encrypted communications – would probably also make me really paranoid. ;)
Waaaaaat? There is nothing in The Intercept that I trust less than their comments on privacy tech, and this is bad even for them.
First off, encryption is hardly new or only for nerds – the old standby PGP 2.4a dates back to the 90s, and there’s GPG. Trading the public key is slightly risky, but if you read it over the phone or any internet video to your correspondent that is pretty hard for a man-in-the-middle to fool with, though the NSA probably has some ideas.
Second, if a company demands some bullshit anti-privacy thing, then FULL STOP. There’s no need to go on and try to figure out why – their demand is proof that they are compromised. I don’t want to hear anything else. I don’t want my brother mouse to show me the “right” way to eat the cheese out the trap. They’re DONE, over with, move on, not interested, give it the fuck up! The whole crooked smart phone culture of “apps” and censored stores and the corrupt developers who work with them is not even worth looking at.
Third, you have to be fucking kidding me. The way to deal with your home phone number being too private is to give out … your WORK phone number??? I mean, that’s beyond stupid. Sure, nowadays your work will probably fire you anyway the second they figure out you have some unauthorized political opinion, but you should at least make the bastards admit that is what they do to their chattel property rather than pretend they are simply butthurt that their office is getting angry phone calls over some shit you posted.
Fourth … the ad hominem I started with. Maybe it’s not fair, but I don’t wanna be a Reality Winner, and I don’t want to take privacy suggestions from the folks who published her printout complete with secret coded dots. You simply have _zero_ credibility. I wonder how many folks at The Intercept work for somebody else.
Wnt or whatever you designate yourself to be, it is time you find yourself something to do. You are always making comments that I came to the conclusion that you’re a government spy, and also never-do-well. Intercept did not send an invitation to you to read its posts or articles. You’re attacking every Intercept writer and readers. Look, I have a job opening at a psychiatric facility in DC, please you’re welcome to walk in start a job that befits you without submitting any application. You’ll be more than WELCOME!!!
I wish these security columns were a more regular feature. People could discuss pros and cons and keep abreast of recent developments.
For example, Firefox is undergoing a makeover with most of my extensions now marked as “Legacy.” The Self Destructing Cookies extension stopped working in a “silent fail” leaving my browser exposed to tracking without warning.
There is a new extension called Cookie AutoDelete which is supposed to make the transition.
Amazon is using super cookies, which put information in the Flash player. These cookies are available to other Amazon related companies (and probably DoD as well). There is another super cookie related to the https protocol, but I know little about it.
PIA, Private Internet Access, is located in London so I have to suspect they are under the thumb of British MoD. Your VPN provider is well positioned to execute man in the middle attacks. I suspect they are running a virtual Tor node that connects to the Tor network for MITM Attacks. In other words, you connect to them and they connect to Tor for you, then log your metadata. I wish I knew for sure one way or the other.
ProtonMail looks like a bust. HushMail seems to be working and has some new features.
CCleaner was hacked but recovered. It may or may not deal with super cookies.
You can check Flash based Amazon super cookies online, but if you remove the cookie you will need to re-authenticate every time you log into Amazon.
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Niiicce tutorial! But until Signal becomes metadata free, I’ll continue using Ricochet and unMessage!
There are other options besides Signal, e.g.: XMPP with its clients or Matrix/Riot (the more nerdy stuff) — or Wire. The latter is prettier than Signal, has more features (great audio and video quality), is hosted in Europe, and from next year on, you’ll be able to host it on your own server, including federation! And you just need an email address if you don’t want to use the phone number. https://wire.com/en/privacy/
(I am just a user who wants more of his contacts to be on Wire. I am not affiliated with them.)
Any thoughts on Wire (https://wire.com/en/)? Claims to be end to end encrypted like Signal, and needs only an email to set up.
There are other options besides Signal, e.g.: XMPP with its clients or Matrix/Riot (the more nerdy stuff) — or Wire. The latter is prettier than Signal, has more features (great audio and video quality), is hosted in Europe, and from next year on, you’ll be able to host it on your own server, including federation! And you just need an email address if you don’t want to use the phone number. https://wire.com/en/privacy/
(I am just a user who wants more of his contacts to be on Wire. I am not further affiliated with them.)
Hi Micah,
This isn’t as easy as it should be. There’s a new alternative that I noticed recently – keybase.io. This performs encryption similar to Signal but also offers a phone number free way to create an online reputation based on p2p relations. So, someone hijacking one of the accounts (phone number, twitter etc.) will be marked/highlighted on Keybase. Worth checking out if you would like an alternative.
A little knowledge is a dangerous thing, usually. To wit, Matthew Cole, Richard Esposito, Sam Biddle and Ryan Grim are four intrepid reporters of The Intercept who got Reality Leigh Winner into Big Trouble by their inept knowledge.
I wish they had consulted Micah Lee when they felt the itch to perform underhand deals with contents of Winner’s pantyhoses. Micah Lee is quite an expert, and he would have prevented his team mates and the FBI Director and his agents getting infected with the noxious body fluids usually resident in such environments.
Follow the advice here, but don’t do anything subversive or you will surely get caught. Groups like ISIS have their own manuals and undergo rigorous training to avoid detection. It is just providence that the CAGE chap was apprehended with contraband stuff, or else he would have also gone through easily.
it does seem rather odd/fishy on the face of it. there are numerous IM clients (lacking encryption) that don’t require something as uniquely identifiable as an individual’s phone number. why does signal need it?? uniqueness can’t be the reason – surely it’s easy to test for existing user IDs?
also, devices are becoming less reliant on mobile networks. you can’t use signal on wifi-only tablets/phones (with the kludge described here).
Section on adding a second account to Android Signal appears to be incorrect. I have current Signal on Android. There is no “User” section in settings. If you meant the Android Settings app (which is how your article reads, but makes no sense mechanically), there is also no “User” section, only sync and remove connection. So, great article, incorrect/unusable ‘how to.’
So let me get this straight. The intercept is doing advertising for FACEBOOK-NSA SPYWARE, which is what “WhatsApp” is. Also they are doing advertising for phone companies. And they are not mentioning that even if data were actually ‘end to end’ encrypted, FACEBOOK-NSA still knows who is calling who, when, for how long, etc.
So, what is your suggestion? What is your solution? The Intercept is NOT doing any advertising for any company…and you know that, Right? How can you have the gut to accuse The Intercept of advertising for Facebook and NSA of all establishments? Have nothing to say, go to bed and watch Fox TV or Fox News…they will love your presence, and of course, IT IS FREE!!!
TAILS
If you ever watched BLACKLIST then you would know that the 1-2-3 linking pattern of contacts tells the whole story. The metadata pattern of this is revealing. The reason for this spy-on-you always is so that when the day comes that you support a third candidate for public office who is not a member of the CFR or chosen by the deep state or sponsored by wallstreet thieves, you and your contacts will get FLAGGED.
After you get flagged, all your posts will be digested and profiled. Then, if you have a powerful voice that people listen to and follow, you will be somehow diminished or eliminated.
I can’t believe the Intercept is giving such a truncated view of reality.
1) The real point is / The real reason why your phone number is important is: messages contents encryption is irrelevant. Former CIA Director Michael Hayden said it: ‘We Kill People Based On Metadata’. That is, they only need to know your phone number, and which other people (which other phone numbers) you send messages to, in order to draw conclusions and terminate people.
2) WhatsApp, although they claim to encrypt messages, never *ever* denied sharing metadata with surveillance authorities. And Signal, with the same tech lead Moxie Marlinspike, is developed / hosted in the USA. Obeying the laws of the US. You *cannot* trust a communication company which is based in the US. And Open Whispers Systems is extremely opaque about their business model, NSF/government grants. Where do they get the funding from? If the product is free, then *YOU* are the product.
Please dear Intercept, don’t mislead your readers, you’re better than that. Stop promoting US products that are slaves to US surveillance laws.
Great comment, thanks.
Best comment here Stephan S. Until Signal allows anonymous email signups, it’s useless.
About Wire (mentioned in comments), see https://wire.com/en/legal/ “15.2 If you are using the Service in the United States the following applies: These Terms of Service will be is governed by, and will be construed under, the laws of the United States of America and the laws of the State of California”
There’s also Threema https://threema.ch/en which, although isn’t open source (but who checks source codes anyway, seriously?), is fully anonymous by default and does *not* serve the laws of the USA (notably those FISA Court secret orders that have authority to subdue and silently corrupt any company that operates in the US).
Free Reality Winner on bail
PUTrumpIN
jail
Look fwd to getting ur info
I can’t wait until Signal makes this process much easier.
“The desk phone at your office.”
Uh, no. This is terrible advice. Never ever marry work accounts and devices and personal accounts and devices.
Many people interact with the public as part of their jobs, like journalists and people who work for advocacy organizations. Using a desk phone is perfect for this situation — this way your readers, constituents, or others can securely contact you, without you needing to share your private phone number.
WikiLeaks reveals that literally every router in America has been compromised
http://bit.ly/2rQUN4k
Can you give us a link or search string to use at http://Wikileaks.com to find said data?